From andrew.gross at oracle.com Wed Jan 21 18:56:54 2026 From: andrew.gross at oracle.com (Andrew H. Gross) Date: Wed, 21 Jan 2026 10:56:54 -0800 Subject: OpenJDK Vulnerability Advisory: 2026/01/20 Message-ID: OpenJDK Vulnerability Advisory: 2026/01/20 vuln-report at openjdk.org https://openjdk.org/groups/vulnerability/advisories Releases affected: 8, 11, 17, 21, and 25 OpenJDK CVEs: ? ? CVE-2026-21925? CVE-2026-21932? CVE-2026-21933? CVE-2026-21945 OpenJFX CVEs: ? ? CVE-2025-43368? CVE-2025-47219? CVE-2025-6021? ?CVE-2025-6052 ? ? CVE-2025-7425? ?CVE-2026-21947 Please note that defense-in-depth issues are not assigned CVEs. These issues have been addressed, as applicable, in the following releases: ? 8u482, 11.0.30, 17.0.18, 21.0.10, and 25.0.2 We recommend that you upgrade to these new releases as soon as possible. For more detail about this advisory, please see: ? https://openjdk.org/groups/vulnerability/advisories/2026-01-20 -------------- next part -------------- A non-text attachment was scrubbed... Name: OpenPGP_0x27F209491C0FE9C1.asc Type: application/pgp-keys Size: 4134 bytes Desc: OpenPGP public key URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: OpenPGP_signature.asc Type: application/pgp-signature Size: 840 bytes Desc: OpenPGP digital signature URL: